Mbed TLS version 2.13.0 has now been released, in addition to maintenance releases for Mbed TLS 2.1 and Mbed TLS 1.3.
Mbed TLS 2.13.0 introduces several new features improving our support for DTLS over low-bandwidth, high latency networks with high packet loss. Specifically:
- Support for fragmentation of outgoing handshake messages, allowing the use of Mbed TLS across networks with datagram links with MTUs as low as 512 bytes, making it suitable for NB-IOT networks.
- Grouping outgoing handshake messages in a single datagram, reducing both the network load and the likelihood of reordering effects.
- Reordering handshake packets that have been received out of order, reducing the number of retransmissions necessary to complete a handshake, and therefore increasing handshake efficiency and reducing network load.
This release also addresses one security issue and resolves multiple defects. Mbed TLS 2.7.6 and 2.1.15 are maintenance releases, and intentionally do not contain new features to avoid changing the library interface and allow users to change library versions easily.
- (2.13, 2.7, 2.1) Fixed an issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. A read of one byte beyond the limit of the input buffer was made, when the extensions length field was zero. Found by Nathan Crandall.
(2.13) Added support for fragmentation of outgoing DTLS handshake messages. This is controlled by the maximum fragment length set locally or negotiated with the peer, or alternatively by a new per-connection MTU (Maximum Transmission Unit) option, set using
(2.13) Added support for the automatic adjustment of the MTU to a safe value during the handshake for when flights of messages are not received, as defined by (RFC 6347, section 220.127.116.11).
(2.13) Added support for the packing of multiple records into a single datagram. This feature is enabled by default.
(2.13) Added support for buffering of out-of-order handshake messages in DTLS. The maximum amount of RAM used for this can be controlled by the compile-time constant
MBEDTLS_SSL_DTLS_MAX_BUFFERINGas defined in the configuration file.
- (2.13) Added the function
mbedtls_ssl_set_datagram_packing()to configure the use of datagram packing. This feature is enabled by default.
(2.13, 2.7, 2.1) Fixed a potential memory leak in
mbedtls_ssl_setup()function. An allocation failure in the function could lead to other buffers being leaked.
(2.13, 2.7, 2.1) Fixed an issue with
MBEDTLS_CHACHAPOLY_Cwhich would not compile if
MBEDTLS_CIPHER_NULL_CIPHERweren't also defined, and an issue with the wrong test dependencies for
(2.13, 2.7, 2.1) Fixed a memory leak in
ecp_precompute_comb()fails. Fix contributed by Espressif Systems.
(2.13, 2.7, 2.1) ECC extensions are now only included if an ECC based ciphersuite is used. This improves compliance to (RFC 4492, and as a result, solves interoperability issues with BouncyCastle. Raised by milenamil in #1157.
(2.13, 2.7, 2.1) Fixed a potential use-after-free issue in
mbedtls_ssl_get_record_expansion()after a session reset. Fixes #1941.
(2.13, 2.7, 2.1) Fixed a miscalculation of the maximum record expansion in
mbedtls_ssl_get_record_expansion()when using the Chacha-Poly1305 ciphersuites or any CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913 and #1914.
(2.13, 2.7, 2.1) Fixed a bug that caused SSL/TLS clients to incorrectly abort the handshake with TLS versions 1.1 and earlier when the server requested authentication without providing a list of CA's (Certificate Authorities). This was due to an overly strict bounds check in parsing the
CertificateRequestmessage, introduced in Mbed TLS 2.12.0. Fixes #1954.
(2.13, 2.7, 2.1) Fixed a memory leak and free without initialization in the
pk_decryptexample programs. Reported by Brace Stout. Fixes #1128.
(2.13, 2.7, 2.1) Fixed undefined shifts with negative values in certificates parsing. Fixed by Catena Cyber, with credit for finding the issue to OSS-Fuzz.
mbedtls_printf()in the ARIA module. Found by TrinityTonic in #1908.
(2.13) Removed a redundant else statement. Raised by irwir. Fixes #1776.
(2.13, 2.7) Improved interworking with some alternative Mbed OS hardware accelerated CCM implementations by using CCM test vectors from RAM.
(2.13) Added support to preserve the timestamps of headers copied when doing a
make install. Contributed by xueruini.
(2.13) Forward declaration of
structsin the public interface are now possible. Contributed by Dawid Drozd. Fixes #1215 raised by randombit.
(2.13) Added support for buffering of out-of-order handshake messages. Original contribution by Bryce Kahle.
(2.13) Added warnings to the documentation of the HKDF module to reduce the risk of misusing the
mbedtls_hkdf_expand()functions. Fixes #1775. Reported by Brian J. Murray.
Who should update
We recommend all users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.
Users of Mbed TLS 1.3 or any earlier version are recommended to upgrade to one of the maintained releases as Mbed TLS 1.3 has now reached its end-of-life.
End of life for Mbed TLS 2.1
Mbed TLS 2.1.0 was first shipped on 4th September 2015, and is nearing the end of its life. Mbed TLS 2.1 will not be supported after Autumn 2018. All users of Mbed TLS 2.1 are advised to upgrade to a later version of Mbed TLS wherever possible. The latest long-term support branch is Mbed TLS 2.7.
Get your copy here:
The hashes for files/mbedtls-2.13.0-apache.tgz are:
SHA-1: 6f52c687d7f925771b3c82346e126c1d2ef6e51f SHA-256: 593b4e4d2e1629fc407ab4750d69fa309a0ddb66565dc3deb5b60eddbdeb06da
The hashes for files/mbedtls-2.13.0-gpl.tgz are:
SHA-1: c08ece280db88b765ae626254000bbe192f48bb2 SHA-256: a08ddf08aae55fc4f48fbc6281fcb08bc5c53ed53ffd15355ee0d75ec32b53ae
The hashes for files/mbedtls-2.7.6-apache.tgz are:
SHA-1: 8ca8825f2bdb97ed1ed9180d24485a609b55b8b2 SHA-256: 936237a1cfef20590575c60dbb577728e5dbd40f6d0eef8f92a93fba7bb6823a
The hashes for files/mbedtls-2.7.6-gpl.tgz are:
SHA-1: 85098a0c7740df396d3df44d6c8e089dc182e346 SHA-256: 8036f9e392ad5d43e982ebd9508e7a62264fa858e3418adb844752969e580abf
The hashes for files/mbedtls-2.1.15-apache.tgz are:
SHA-1: a455e4e7d17ec3a3696dfca7135bf22436017393 SHA-256: 3d1de330ddf5de1dfb9651a5ce1c2bb6478c4b97f2080844a92c15e7b5d3f4dd
The hashes for files/mbedtls-2.1.15-gpl.tgz are:
SHA-1: 4ae4b898284f310877e39d0b38b20f10c6dae8be SHA-256: 6c74cc692f965d60a63e9d9fd42f389ade1cc00033410795048057019040a98f